3. Today’s strategic challenges
Business Agility, Increased pace of delivery, Customer satisfaction
• Low MTBIAMSH (Mean Time Between Idea and making Stuff happen)
4. Today’s strategic challenges
Multiplication of smaller bespoke applications
• WOA, SOA, Micro Services
• Multiplication of front ends
• Products are SaaS newly instantiated for each new customer
5. Today’s strategic challenges
Ever increasing volumes of data and processing
• Limited data center capacity
• Ops efforts scale at best linearly with increased volume
• Push for cloud deployments: private + public
6. Obstacles to overcome
WaterScrumFall
• Dev teams adopt iterative methodologies
• The organization as a whole cannot keep up with Dev Team pace
• Symptoms
• Delivery to production still takes weeks
• Upfront IT resource provisioning at the beginning of a project
• Ticket based IT services deemed too slow for Dev teams
• Difficulties in maintaining IT services catalogues with ever changing demands
http://bit.ly/waterscrumfall
7. Obstacles to overcome
Unaligned objectives and incentives between Devs and Ops
• Devs seek implementing new features and hence introduce change
• Ops seek stability, robustness, availability of systems they manage
8. Obstacles to overcome
Hybrid clouds are complex
• Different operating models between public cloud providers and
private clouds
• No real private cloud infrastructure
• A Virtualized server infrastructure is not a private cloud
9. Keys to solve these challenges
Break up organizational silos
• Think in terms of products not projects
• Construct multidisciplinary teams around products
• Make Devs and Ops cooperate in these teams
• But also other business stake holders
10. Keys to solve these challenges
Align Dev and Ops objectives; increase customer satisfaction
• Error Budget = 100% Availability – Service Level Objective
• Use budget for
• Feature changes and functional regressions (Dev)
• Service Reliability Engineering (Ops)
• When the error budget is consumed
• New features must wait until the budget is recharged
• Only bug fixes go into production
11. Keys to solve these challenges
Construct an agile self-service infrastructure platform
18. Isolation using Linux Features
namespaces
• pid,
• mnt,
• net,
• uts,
• Ipc,
• user
cgroups
• memory
• cpu
• blkio
• devices
19. Docker appeals for its…
• Deployment Speed / Agility – minimal requirements for running the application,
enabling quick and lightweight deployment
• Portability – Independent self-sufficient application bundles
Run across machines without compatibility issues
• Reuse – Versioning, archiving, sharing, roll backs to previous versions of an
application. Platform configurations as code
• Efficiency - compared to classical virtualization, workloads can be run at higher
densities thanks to avoided OS overhead
Source: https://www.upguard.com/articles/docker-vs.-vmware-how-do-they-stack-up
20. Trade off … Speed vs. Isolation
• Shared kernel between containers
• OS-based isolation vs. hardware-based isolation in classical
virtualization
• Detractors often use this as argument for saying : “Docker is not safe”
21. Docker is not safe - well, Really ?
Are all your VMs 100% up to date? Really?
• VMs present a larger attack surface than Linux containers
• Contaminated containers can be quickly destroyed and restarted
• Docker tools allow for end to end security policy enforcement – for all
containers (layered build approach, build automation, security
scanning, trusted registries, container scheduling)
22. Trade off… Ephemeral vs. Stateful workloads
• Docker works best with stateless applications
• Every application must eventually persist its state (Databases)
• Additional efforts and planning is required when setting up a multi-node
production level Docker cluster
24. Isn’t this a bit like Java EE or OSGI ?
EARs, WARs, JARs package applications in deployment artifacts
• Middleware centric – you need an application server
• Limited to Java eco system
• Programming language lock-in
• Programming model lock-in (Java EE / OSGI)
• Also applies to more recent packaging formats, such as WebPacks
25. Ok but I’m already using Heroku…
• PaaS
• Build packs : Java, Node, Ruby,…
• Intuitive UI / UX … nice !
• Source code is held in the repository - no built artifact
• Docker
• Is a shipping format
• Can be used with Docker tool chain to build a more generic PaaS / CaaS
26. XaaS – Pyramid
Software
as a Service
Platform
as a Service
Infrastructure
as a Service
Container as
a Service
Too high
Too low
Product Teams
IT Ops Team
34. Security Governance
Its like a virus scanner for built containers
• Can be integrated in your CI/CD pipeline
• Scans for threads in defined policy files and CVC databases
• Docker Security Scanning
• CoreOS Clair
• OpenSCAP container compliance
• Redhat Atomic Scan
• …
39. Services, Routing and Load Balancing
S_1 S_2
LB
Overlay network
App
Scale
Docker Host Docker Host Docker Host
Service
The scalable service pattern
40. Services, Routing and Load Balancing
The scalable service pattern
• Services scale instances of a container across the cluster
• Comprises a load balancer and an overlay network to connect
containers
• Allows things like rolling updates and rollbacks
• Exists in many schedulers: Kubernetes, Mesos…
• Was introduced in Docker V1.12 Swarm mode
• Not compatible with Docker Compose
• Requires new Distributed Application Bundle – still experimental
41. Services, Routing and Load Balancing
• Workaround prior to Docker 1.12 compatible with Compose V2
45. Persistent workloads
Backend Network
App
Docker Host Docker Host Docker Host
DB
Frontend Network
DB
Data Sync
Volume
plugin
Volume
plugin
Volume
plugin
Volume plugin, distributed or externalized storage
46. Persistent workloads
• Usage of volume plugins is encouraged
• Decouples Product Teams from underlying storage solution
• Connect to external block storage (SAN, NAS, Cloud Provider Block
Storage)
• Network based file systems between Docker Hosts
• GlusterFS, Flocker, Infinit.sh, PortWorx, CEPH
47. PaaS style self service access
• For Product Teams
• Intuitive UI / UX experience
• Role based access (RBAC) integration with Enterprise IAM
• Groups, virtual environments
• Integrates with private repositories, CI/CD
• OpenShift, Rancher, Docker Datacenter…
49. Conclusion
• Docker = Linux Containers + a Complete toolset
• Large eco system (Kubernetes, MesoSphere, CoreOS, Rancher…)
• Orchestration engine choice depends on your use cases
• Limited risk on vendor lock-in: Docker Containers are de facto
standard
• Instead of growing your own cluster, see what the ecosystem can
provide
• Start small, grow steadily